The Honeynet Project - qebek sebek qemu windowshttp://www.honeynet.org/taxonomy/term/74/0
enPrecall and Postcallhttp://www.honeynet.org/node/444
<p>When using hooking technology to intercept system calls, there are two different places to collect information: before the original function is called (precall) and after the original function returns (postcall). For example, in Sebek Win32 client, when callback function OnZwReadFile is called, it first calls the original function s_fnZwReadFile, after the original function returns, it checks whether the original call succeeds, if does, it then calls the data collection function LogIfStdHandle:</p>
<p><a href="http://www.honeynet.org/node/444" target="_blank">read more</a></p>qebek sebek qemu windowsGSoC Project #3 - Qebek: QEMU Based SebekSun, 14 Jun 2009 16:43:13 +0000chengyu.song444 at http://www.honeynet.org